hedgedoc
| Description | Platform to write and share markdown |
| Version | 1.10.3-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2331 | 1.8.2-1 | 1.9.0-1 | High | Fixed | |
| AVG-1946 | 1.8.1-1 | 1.8.2-1 | High | Fixed | |
| AVG-1908 | 1.7.2-3 | 1.8.0-1 | Medium | Fixed | |
| AVG-1876 | 1.7.2-2 | 1.7.2-3 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-39175 | AVG-2331 | High | Yes | Cross-site scripting | In HedgeDoc versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by... |
| CVE-2021-29503 | AVG-1946 | High | Yes | Cross-site scripting | HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting (XSS) attack using the YAML-metadata of a note. An attacker with write access to a... |
| CVE-2021-29474 | AVG-1876 | Medium | Yes | Information disclosure | A security issue has been found in HedgeDoc before version 1.8.0. An attacker can read arbitrary .md files from the server's filesystem due to an improper... |
| CVE-2021-21306 | AVG-1908 | Medium | Yes | Denial of service | In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 14 Sep 2021 | ASA-202109-1 | AVG-2331 | High | cross-site scripting |
| 19 May 2021 | ASA-202105-9 | AVG-1946 | High | cross-site scripting |